On 08/30/2013 10:46 AM, Jeffrey Lee wrote:

> Hi, how do you perform a crypt (one-way hash) on a password to check
> against an encrypted password stored in MySql?

You need to return the password hash with a prefix that tells this is a
hash (and what kind of hash this is) and not a plain text password.

For example:
- password is fred
- MySQL hashing produces 0569ef75321b8fed
- You need to return {mysql}0569ef75321b8fed so that Radiator knows to
hash the incoming User-Password first instead of comparing it directly
to 0569ef75321b8fed.

> I have a <AuthBy SQL>
> 
> AuthSelect call sp_GetUserPassword('%{User-Name}')
> AuthColumnDef 0, User-Password, check
> 
> The stored procedure (MySql routine) will return the encrypted password,
> but since the password sent to Radiator is in clear-text, the
> authentication request will be rejected.

Change sp_GetUserPassword() to return {mysql}hashedvalue instead of
plain hashedvalue.

If that is not possible, use TranslatePasswordHook in the AuthBy:

TranslatePasswordHook sub { return '{mysql}' . $_[0]; }

> I'll need the clear-text password sent to radiator to be first encrypted
> (similar to PHP's crypt with salt) before comparing against database.

A better way to do this is to let Radiator know what the DB has. In this
case you need to tell it the DB has MySQL hashes.

> Does anyone have a solution to this?

Please let us know if the above helps.

Thanks,
Heikki

-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
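
The comparison described in the message above, sketched in Python as an added example (not Radiator's code and not part of the original message). The 16-digit value in the message matches the pre-4.1 MySQL password hash, which the sketch implements; the function names are made up for illustration.

```python
import hmac

PREFIX = "{mysql}"

def mysql_old_password(password: str) -> str:
    """Pre-4.1 MySQL password hash: unsalted, 16 hex digits."""
    nr, nr2, add = 1345345333, 0x12345671, 7
    for byte in password.encode("utf-8"):
        if byte in (0x20, 0x09):  # the algorithm skips spaces and tabs
            continue
        # All arithmetic is kept to 32 bits, as in the original C routine.
        nr ^= ((((nr & 63) + add) * byte) + (nr << 8)) & 0xFFFFFFFF
        nr2 = (nr2 + (((nr2 << 8) & 0xFFFFFFFF) ^ nr)) & 0xFFFFFFFF
        add += byte
    return "%08x%08x" % (nr & 0x7FFFFFFF, nr2 & 0x7FFFFFFF)

def translate_password(value: str) -> str:
    """Same job as the TranslatePasswordHook in the message: add the prefix."""
    return PREFIX + value

def check_password(stored: str, received: str) -> bool:
    """Compare the cleartext password from the request with the DB value.

    With the {mysql} prefix the received password is hashed first;
    without it the two strings are compared as they are.
    """
    if stored.startswith(PREFIX):
        expected = stored[len(PREFIX):].lower()
        candidate = mysql_old_password(received)
    else:
        expected, candidate = stored, received
    return hmac.compare_digest(expected.encode(), candidate.encode())

if __name__ == "__main__":
    db_value = "0569ef75321b8fed"  # value from the message, password "fred"
    print(check_password(db_value, "fred"))                      # bare hash
    print(check_password(translate_password(db_value), "fred"))  # prefixed
```

The bare hash is rejected because it is compared directly with the cleartext password, which is the failure described in the question; the prefixed value is accepted.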